This recent Wall Street Journal Risk & Compliance post asks “what would get more companies to self-disclose bribery?” The article discusses several answers (publicize declinations, start a leniency program, lower the amount of fines), but the best answer is depicted in the picture (with an FCPA compliance defense being the red arrow).
There currently exists an informational gap between those with evidence of FCPA violations (i.e. companies and their counsel who conduct FCPA internal investigations) and the government agencies (DOJ and SEC) who enforce the FCPA.
Although – as highlighted in this recent post – approximately 60% of recent FCPA enforcement actions are the result of corporate voluntary disclosures, it should be an uncontroversial observation that many more FCPA violations (at least based on current enforcement theories) are happening in the global marketplace on a daily basis.
This observation is based on my nearly ten years of FCPA practice experience (and will be recognized as a self-evident truth by other FCPA practitioners) as well as my frequent conversations with FCPA practitioners. While I am not suggesting the following is empirical evidence, the general thrust of comments I hear from FCPA practitioners is that approximately only 50% of FCPA issues in public companies are disclosed to the DOJ/SEC and that very, very few FCPA issues in private companies are disclosed to the DOJ. The follow-up question I then ask is – in the situations in which the company has not voluntarily disclosed, has the DOJ/SEC ever found out about the problematic conduct at issue. The universal response I have received is no.
Put this all together and the resulting landscape is that there are many FCPA violations occurring (at least based on current enforcement theories) that are not disclosed to the enforcement agencies. Because the violations are not disclosed to the enforcement agencies, there is no enforcement action. Because there is no enforcement action, the individual engaging in the problematic conduct are not being held accountable. Because the individual engaging in the problematic conduct is not being held accountable, FCPA enforcement is not as effective as it could be.
The DOJ (and SEC) clearly recognize the gap that exists and in recent months enforcement officials have tried to articulate policies that can help close this gap (see here, here, and here for summaries of recent speeches).
As highlighted in this prior post, the policies articulated by DOJ officials are sensible (voluntarily disclose, cooperate, and identify culpable individuals).
Problem is, this is the same policy the enforcement agencies have been talking about for nearly a decade and its seems not to be closing the gap that exists between evidence of FCPA violations and prosecution of FCPA violations, including individuals. Indeed, as highlighted by this prior post, 82% of corporate SEC FCPA enforcement actions since 2008 have not resulted in any related enforcement action against a company employee and 75% of corporate DOJ FCPA enforcement actions since 2008 have not resulted in any related enforcement action against a company employee.
An FCPA compliance defense will not close this gap completely, but it will help bridge the gap.
As stated in my 2012 article “Revisiting a Foreign Corrupt Practices Act Compliance Defense.”
“An FCPA compliance defense will better facilitate the DOJ’s prosecution of culpable individuals and advance the objectives of its FCPA enforcement program. At present, business organizations that learn through internal reporting mechanisms of rogue employee conduct implicating the FCPA are often hesitant to report such conduct to the enforcement authorities. In such situations, business organizations are rightfully diffident to submit to the DOJ’s opaque, inconsistent, and unpredictable decision-making process and are rightfully concerned that its pre-existing FCPA compliance policies and procedures and its good faith compliance efforts will not be properly recognized. The end result is that the DOJ often does not become aware of individuals who make improper payments in violation of the FCPA and the individuals are thus not held legally accountable for their actions. An FCPA compliance defense surely will not cause every business organization that learns of rogue employee conduct to disclose such conduct to the enforcement agencies. However, it is reasonable to conclude that an FCPA compliance defense will cause more organizations with robust FCPA compliance policies and procedures to disclose rogue employee conduct to the enforcement agencies. Thus, an FCPA compliance defense can better facilitate DOJ prosecution of culpable individuals and increase the deterrent effect of FCPA enforcement actions.”
Are the enforcement agencies capable of viewing an FCPA compliance defense, not as a race to the bottom, but a race to the top? Are the enforcement agencies capable of viewing an FCPA compliance defense as helping them better achieve their FCPA policy objectives?
Let’s hope so, because the gap is problematic.
Might a compliance defense result in 1 or 2 fewer corporate enforcement actions per year? Perhaps, but against this slight drop in “hard” enforcement would be an increase in “soft” enforcement of the FCPA (see here and here), and indeed because the gap would be narrowed there would be more “hard” enforcement of culpable individual actors.